Tighten session ticket handling
Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit d663df2399)
This commit is contained in:
Emilia Kasper
@@ -225,6 +225,14 @@ int ssl3_connect(SSL *s)
|
||||
s->renegotiate=1;
|
||||
s->state=SSL_ST_CONNECT;
|
||||
s->ctx->stats.sess_connect_renegotiate++;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
/*
|
||||
* If renegotiating, the server may choose to not issue
|
||||
* a new ticket, so reset the flag. It will be set to
|
||||
* the right value when parsing ServerHello extensions.
|
||||
*/
|
||||
s->tlsext_ticket_expected = 0;
|
||||
#endif
|
||||
/* break */
|
||||
case SSL_ST_BEFORE:
|
||||
case SSL_ST_CONNECT:
|
||||
@@ -2328,7 +2336,7 @@ int ssl3_get_new_session_ticket(SSL *s)
|
||||
}
|
||||
memcpy(s->session->tlsext_tick, p, ticklen);
|
||||
s->session->tlsext_ticklen = ticklen;
|
||||
/* There are two ways to detect a resumed ticket sesion.
|
||||
/* There are two ways to detect a resumed ticket session.
|
||||
* One is to set an appropriate session ID and then the server
|
||||
* must return a match in ServerHello. This allows the normal
|
||||
* client session ID matching to work and we know much
|
||||
|
||||
Reference in New Issue
Block a user